ElyBy-Mirror/accounts
1
0
Fork 0
mirror of https://github.com/elyby/accounts.git synced 2024-11-22 21:23:19 +05:30
Code Issues Packages Projects Releases Wiki Activity

Extract public key from private pem file at runtime

Browse Source
This commit is contained in:
ErickSkrauch 2024-06-14 03:03:10 +02:00
parent ca304261a3
commit 0a666e1e12
No known key found for this signature in database
GPG Key ID: 669339FCBB30EE0E
12 changed files with 33 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.env.dist
View File

@ -9,8 +9,8 @@ EMAILS_RENDERER_HOST=http://emails-renderer:3000
## Security params ## Security params
JWT_USER_SECRET=replace_me_for_production JWT_USER_SECRET=replace_me_for_production
JWT_ENCRYPTION_KEY=thisisadummyvalue32latterslength JWT_ENCRYPTION_KEY=thisisadummyvalue32latterslength
JWT_PRIVATE_PEM_LOCATION= JWT_PRIVATE_KEY_PATH=
JWT_PUBLIC_PEM_LOCATION= JWT_PRIVATE_KEY_PASS=
## External services ## External services
CHRLY_HOST=skinsystem.ely.by CHRLY_HOST=skinsystem.ely.by

2
api/components/Tokens/Algorithms/AlgorithmInterface.php
View File

@ -8,8 +8,6 @@ use Lcobucci\JWT\Signer\Key;
interface AlgorithmInterface { interface AlgorithmInterface {
public function getAlgorithmId(): string;
public function getSigner(): Signer; public function getSigner(): Signer;
public function getPrivateKey(): Key; public function getPrivateKey(): Key;

61
api/components/Tokens/Algorithms/ES256.php
View File

@ -7,68 +7,45 @@ use Lcobucci\JWT\Signer;
use Lcobucci\JWT\Signer\Ecdsa\Sha256; use Lcobucci\JWT\Signer\Ecdsa\Sha256;
use Lcobucci\JWT\Signer\Key; use Lcobucci\JWT\Signer\Key;
class ES256 implements AlgorithmInterface { final class ES256 implements AlgorithmInterface {
/** private string $privateKeyPath;
* @var string
*/
private $privateKey;
/** private ?string $privateKeyPass;
* @var string|null
*/
private $privateKeyPass;
/** private ?Key $privateKey = null;
* @var string
*/
private $publicKey;
/** private ?Key $publicKey = null;
* @var Key|null
*/
private $loadedPrivateKey;
/** private Sha256 $signer;
* @var Key|null
*/
private $loadedPublicKey;
/** public function __construct(string $privateKeyPath, ?string $privateKeyPass = null) {
* TODO: document arguments $this->privateKeyPath = $privateKeyPath;
*
* @param string $privateKey
* @param string|null $privateKeyPass
* @param string $publicKey
*/
public function __construct(string $privateKey, ?string $privateKeyPass, string $publicKey) {
$this->privateKey = $privateKey;
$this->privateKeyPass = $privateKeyPass; $this->privateKeyPass = $privateKeyPass;
$this->publicKey = $publicKey; $this->signer = new Sha256();
}
public function getAlgorithmId(): string {
return 'ES256';
} }
public function getSigner(): Signer { public function getSigner(): Signer {
return new Sha256(); return $this->signer;
} }
public function getPrivateKey(): Key { public function getPrivateKey(): Key {
if ($this->loadedPrivateKey === null) { if ($this->privateKey === null) {
$this->loadedPrivateKey = new Key($this->privateKey, $this->privateKeyPass); $this->privateKey = new Key($this->privateKeyPath, $this->privateKeyPass);
} }
return $this->loadedPrivateKey; return $this->privateKey;
} }
public function getPublicKey(): Key { public function getPublicKey(): Key {
if ($this->loadedPublicKey === null) { if ($this->publicKey === null) {
$this->loadedPublicKey = new Key($this->publicKey); $privateKey = $this->getPrivateKey();
$privateKeyOpenSSL = openssl_pkey_get_private($privateKey->getContent(), $privateKey->getPassphrase() ?? '');
$publicPem = openssl_pkey_get_details($privateKeyOpenSSL)['key'];
$this->publicKey = new Key($publicPem);
} }
return $this->loadedPublicKey; return $this->publicKey;
} }
} }

4
api/components/Tokens/Algorithms/HS256.php
View File

@ -23,10 +23,6 @@ class HS256 implements AlgorithmInterface {
$this->key = $key; $this->key = $key;
} }
public function getAlgorithmId(): string {
return 'HS256';
}
public function getSigner(): Signer { public function getSigner(): Signer {
return new Sha256(); return new Sha256();
} }

11
api/components/Tokens/AlgorithmsManager.php
View File

@ -6,21 +6,24 @@ namespace api\components\Tokens;
use api\components\Tokens\Algorithms\AlgorithmInterface; use api\components\Tokens\Algorithms\AlgorithmInterface;
use Webmozart\Assert\Assert; use Webmozart\Assert\Assert;
class AlgorithmsManager { final class AlgorithmsManager {
/** /**
* @var AlgorithmInterface[] * @var AlgorithmInterface[]
*/ */
private $algorithms = []; private array $algorithms = [];
/**
* @param AlgorithmInterface[] $algorithms
*/
public function __construct(array $algorithms = []) { public function __construct(array $algorithms = []) {
array_map([$this, 'add'], $algorithms); array_map([$this, 'add'], $algorithms);
} }
public function add(AlgorithmInterface $algorithm): self { public function add(AlgorithmInterface $algorithm): self {
$id = $algorithm->getAlgorithmId(); $id = $algorithm->getSigner()->getAlgorithmId();
Assert::keyNotExists($this->algorithms, $id, 'passed algorithm is already exists'); Assert::keyNotExists($this->algorithms, $id, 'passed algorithm is already exists');
$this->algorithms[$algorithm->getSigner()->getAlgorithmId()] = $algorithm; $this->algorithms[$id] = $algorithm;
return $this; return $this;
} }

17
api/components/Tokens/Component.php
View File

@ -25,11 +25,6 @@ class Component extends BaseComponent {
*/ */
public $hmacKey; public $hmacKey;
/**
* @var string
*/
public $publicKeyPath;
/** /**
* @var string * @var string
*/ */
@ -45,16 +40,12 @@ class Component extends BaseComponent {
*/ */
public $encryptionKey; public $encryptionKey;
/** private ?AlgorithmsManager $algorithmManager = null;
* @var AlgorithmsManager|null
*/
private $algorithmManager;
public function init(): void { public function init(): void {
parent::init(); parent::init();
Assert::notEmpty($this->hmacKey, 'hmacKey must be set'); Assert::notEmpty($this->hmacKey, 'hmacKey must be set');
Assert::notEmpty($this->privateKeyPath, 'privateKeyPath must be set'); Assert::notEmpty($this->privateKeyPath, 'privateKeyPath must be set');
Assert::notEmpty($this->publicKeyPath, 'publicKeyPath must be set');
Assert::notEmpty($this->encryptionKey, 'encryptionKey must be set'); Assert::notEmpty($this->encryptionKey, 'encryptionKey must be set');
} }
@ -131,11 +122,7 @@ class Component extends BaseComponent {
if ($this->algorithmManager === null) { if ($this->algorithmManager === null) {
$this->algorithmManager = new AlgorithmsManager([ $this->algorithmManager = new AlgorithmsManager([
new Algorithms\HS256($this->hmacKey), new Algorithms\HS256($this->hmacKey),
new Algorithms\ES256( new Algorithms\ES256("file://{$this->privateKeyPath}", $this->privateKeyPass),
"file://{$this->privateKeyPath}",
$this->privateKeyPass,
"file://{$this->publicKeyPath}"
),
]); ]);
} }

1
api/config/config-test.php
View File

@ -5,7 +5,6 @@ return [
'hmacKey' => 'tests-secret-key', 'hmacKey' => 'tests-secret-key',
'privateKeyPath' => codecept_data_dir('certs/private.pem'), 'privateKeyPath' => codecept_data_dir('certs/private.pem'),
'privateKeyPass' => null, 'privateKeyPass' => null,
'publicKeyPath' => codecept_data_dir('certs/public.pem'),
'encryptionKey' => 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', 'encryptionKey' => 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
], ],
'reCaptcha' => [ 'reCaptcha' => [

1
api/config/config.php
View File

@ -34,7 +34,6 @@ return [
'hmacKey' => getenv('JWT_USER_SECRET'), 'hmacKey' => getenv('JWT_USER_SECRET'),
'privateKeyPath' => getenv('JWT_PRIVATE_KEY_PATH') ?: __DIR__ . '/../../data/certs/private.pem', 'privateKeyPath' => getenv('JWT_PRIVATE_KEY_PATH') ?: __DIR__ . '/../../data/certs/private.pem',
'privateKeyPass' => getenv('JWT_PRIVATE_KEY_PASS') ?: null, 'privateKeyPass' => getenv('JWT_PRIVATE_KEY_PASS') ?: null,
'publicKeyPath' => getenv('JWT_PUBLIC_KEY_PATH') ?: __DIR__ . '/../../data/certs/public.pem',
'encryptionKey' => getenv('JWT_ENCRYPTION_KEY'), 'encryptionKey' => getenv('JWT_ENCRYPTION_KEY'),
], ],
'tokensFactory' => [ 'tokensFactory' => [

4
api/tests/_data/certs/public.pem
View File

@ -1,4 +0,0 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAES2Pyq9r0CyyviLaWwq0ki5uy8hr/
ZbNO++3j4XP43uLD9/GYkrKGIRl+Hu5HT+LwZvrFcEaVhPk5CvtV4zlYJg==
-----END PUBLIC KEY-----

1
composer.json
View File

@ -23,6 +23,7 @@
"ext-json": "*", "ext-json": "*",
"ext-libxml": "*", "ext-libxml": "*",
"ext-mbstring": "*", "ext-mbstring": "*",
"ext-openssl": "*",
"ext-pdo": "*", "ext-pdo": "*",
"ext-simplexml": "*", "ext-simplexml": "*",
"ext-sodium": "*", "ext-sodium": "*",

3
composer.lock generated
View File

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "3885d09d6c24355b0c314fc3259d185b", "content-hash": "b8103011e139d9bd760edc1e2505b75f",
"packages": [ "packages": [
{ {
"name": "bacon/bacon-qr-code", "name": "bacon/bacon-qr-code",
@ -6999,6 +6999,7 @@
"ext-json": "*", "ext-json": "*",
"ext-libxml": "*", "ext-libxml": "*",
"ext-mbstring": "*", "ext-mbstring": "*",
"ext-openssl": "*",
"ext-pdo": "*", "ext-pdo": "*",
"ext-simplexml": "*", "ext-simplexml": "*",
"ext-sodium": "*" "ext-sodium": "*"

4
data/certs/public.pem
View File

@ -1,4 +0,0 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEv6ENZA59mzFvoDKTX3BI3Nx6di+x
WnsOAo9+zx0hnMnfzdhOS930ocFTBcyZmmF7iM7nhGicfiDfJKIyV8w+BA==
-----END PUBLIC KEY-----